MalwareTech

Lab name: Strings2
Lab Type: Static Analysis
Languages: x86_64
Platform: Windows 64-bit
Difficulty:
Download: https://labs.malwaretech.com/files/strings/strings2.rar
Password: MalwareTechLabs

Looking for help or to connect with other cybersecurity enthusiasts?
Check out our official Discord Server: https://discord.gg/malwaretech
Please be sure to perform all analysis in a Virtual Machine. While these challenges are not real malware, some are designed to simulate malware and may trigger Antivirus detections. It's a good idea to get into the habit of not handling potentially malicious executables outside a VM.
This is a static analysis challenge, which means you won't need to run the executable or perform any debugging. All aspects of the task can be completed using a disassembler or decompiler.

Text strings, or just “strings” for short, are pieces of human-readable text contained within a piece of code.

Consider the following code:

printf("Hello World!");

This code calls the function printf with the text string “Hello World!”, which results in the application outputting “Hello World!”. While the printf function call will be translated into machine code, the string will remain intact and be stored somewhere within the application.

Under normal circumstances, code is stored in the .text section and strings are stored in the .data or .rdata section. The name .text can be somewhat confusing, as the application’s code is compiled to binary and is therefore not “text”.

By browsing sections like .data or .rdata it’s possible to see many of the text strings embedded within a normal application. Often these strings can give us clues as to what the application is doing.
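To see this split between code and string data without opening a disassembler, the following added example (not part of the original lab) walks a PE section table and lists the printable ASCII strings found in each section. The function names are my own, and the input is a constructed minimal image with no optional header, holding a few placeholder code bytes in .text and the string from the printf example in .rdata.

```python
import re
import struct

def build_sample_pe():
    """Constructed minimal PE-like image: headers, .text and .rdata."""
    def sec(name, ptr):  # 40-byte section header, 0x200 bytes of raw data
        return struct.pack("<8sIIIIIIHHI", name, 0x200, 0, 0x200, ptr, 0, 0, 0, 0, 0)
    hdr = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
    # COFF header: x86_64, 2 sections, SizeOfOptionalHeader = 0 (simplification)
    hdr += struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)
    hdr += sec(b".text", 0x200) + sec(b".rdata", 0x400)
    code = b"\x48\x8d\x0d\xf9\x01\x00\x00\xe8\x00\x00\x00\x00\xc3"  # placeholder bytes
    return (hdr.ljust(0x200, b"\x00") + code.ljust(0x200, b"\x00")
            + b"Hello World!\x00".ljust(0x200, b"\x00"))

def strings_by_section(image, min_len=4):
    """Map each section name to the printable ASCII runs in its raw data."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]       # e_lfanew
    if image[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", image, pe + 6)[0]   # NumberOfSections
    opt = struct.unpack_from("<H", image, pe + 20)[0]   # SizeOfOptionalHeader
    table = pe + 24 + opt                               # first section header
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    found = {}
    for i in range(nsec):
        name, _, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        data = image[raw_ptr:raw_ptr + raw_size]
        found[name.rstrip(b"\x00").decode()] = [
            m.group().decode() for m in pattern.finditer(data)]
    return found

if __name__ == "__main__":
    for section, strings in strings_by_section(build_sample_pe()).items():
        print(section, strings)
```

The parser only reads bytes and never executes the file, so it fits a static analysis workflow. It looks for ASCII only, so UTF-16 strings, which are common in Windows binaries, would need a second pattern.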

Most malware will attempt to conceal, encrypt, or obfuscate text strings to avoid making it too easy to write detection rules or reverse engineer the code. There are many different techniques by which this can be done. These challenges will introduce you to just some of the many ways malware can conceal text.

This challenge introduces a common technique used by malware to conceal text strings inside code. You’ll need to perform static analysis and figure out how the flag is concealed.

Recommended Environment

Host Machine: Anything with an x86_64 CPU (32-bit CPUs won’t work and ARM CPUs will require an emulator).
Virtual Machine: VMware or VirtualBox
Operating System: Windows 10 64-bit
Disassembler: Binary Ninja or Ghidra

Note: for Windows Labs the walkthrough videos will be done using Binary Ninja, with a 64-bit Windows 10 Virtual Machine running on VMware Workstation Pro. You are free to choose your own software & hardware, but be aware that there will only be official support for the recommendations listed above; any custom setups are your own responsibility.

Static Analysis Labs require you to reverse engineer the application without running it. If you do run it, the application will display a message box with an MD5 hash of the flag.

Marcus Hutchins
Threat intelligence analyst, programmer, ex-hacker.


2026 © MalwareTech